CVE-2022-3358 and CVE-2022-3602

Question

Hello,

our users are on Alteryx Designer 2024.1 version 2024.1.1.49. However, Defender is still picking up openssl CVE-2022-3358 vulnerabilities on the machines.  After digging further, these are the paths being reported

c:\program files\alteryx\bin\miniconda3\envs\designerbasetools_venv\lib\site-packages\fiona.libs\libcrypto-3-x64-a01a35133eabbaa7e6e19da1e5f63695.dll

c:\program files\alteryx\bin\miniconda3\envs\designerbasetools_venv\lib\site-packages\fiona.libs\libssl-3-x64-e88ae0d1a643910f0739148d07de784b.dll

Any suggestions?

apathetichell · Answer

flag this to your rep. expect a patch. downgrade to a prior version of Alteryx which uses a different python version (ie any before 2024.1)

or delete the dll files directly and see if anything breaks. I do not see these site-packages on old version of Alteryx like I use.